1 | <?php |
||
2 | |||
3 | /* |
||
4 | * @copyright 2014 Mautic Contributors. All rights reserved |
||
5 | * @author Mautic |
||
6 | * |
||
7 | * @link http://mautic.org |
||
8 | * |
||
9 | * @license GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html |
||
10 | */ |
||
11 | |||
12 | namespace Mautic\LeadBundle\Controller\Api; |
||
13 | |||
14 | use Mautic\ApiBundle\Controller\CommonApiController; |
||
15 | use Mautic\LeadBundle\Controller\LeadAccessTrait; |
||
16 | use Mautic\LeadBundle\Entity\LeadList; |
||
17 | use Symfony\Component\HttpFoundation\Response; |
||
18 | use Symfony\Component\HttpKernel\Event\FilterControllerEvent; |
||
19 | |||
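/**
 * REST API controller for contact lists (segments): lists them and adds or removes contacts.
 *
 * Each membership action (addLeadAction, addLeadsAction, removeLeadAction) applies two checks
 * before touching the model: checkLeadAccess($id, 'edit') on the contact, and a lookup of the
 * list ID in the array returned by the list model's getUserLists().
 *
 * NOTE(review): in those three actions the "not found" response for a missing list is produced
 * before the list-access check, so the status code differs between "no such list" and "list
 * exists but is not in getUserLists()". Confirm that this distinction is acceptable to expose.
 */
class ListApiController extends CommonApiController
{
    use LeadAccessTrait;

    /**
     * Sets the model, entity class, entity names and serializer groups used by the parent
     * controller, then delegates to the parent initializer.
     *
     * @param FilterControllerEvent $event
     */
    public function initialize(FilterControllerEvent $event)
    {
        $this->model            = $this->getModel('lead.list');
        $this->entityClass      = LeadList::class;
        $this->entityNameOne    = 'list';
        $this->entityNameMulti  = 'lists';
        $this->serializerGroups = ['leadListDetails', 'userList', 'publishDetails', 'ipAddress'];

        parent::initialize($event);
    }

    /**
     * Obtains a list of smart lists for the user.
     *
     * The result of getUserLists() is serialized with the 'leadListList' group only.
     *
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function getListsAction()
    {
        $lists   = $this->getModel('lead.list')->getUserLists();
        $view    = $this->view($lists, Response::HTTP_OK);
        $context = $view->getContext()->setGroups(['leadListList']);
        $view->setContext($context);

        return $this->handleView($view);
    }

    /**
     * Adds a lead to a list.
     *
     * @param int $id     List ID
     * @param int $leadId Lead ID
     *
     * @return \Symfony\Component\HttpFoundation\Response
     *
     * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
     */
    public function addLeadAction($id, $leadId)
    {
        $entity = $this->model->getEntity($id);

        if (null === $entity) {
            return $this->notFound();
        }

        // A Response from checkLeadAccess() is returned to the caller as-is;
        // any other result is treated as the contact having passed the 'edit' check.
        $contact = $this->checkLeadAccess($leadId, 'edit');
        if ($contact instanceof Response) {
            return $contact;
        }

        // Does the user have access to the list
        $lists = $this->model->getUserLists();
        if (!isset($lists[$id])) {
            return $this->accessDenied();
        }

        $this->getModel('lead')->addToLists($leadId, $entity);

        $view = $this->view(['success' => 1], Response::HTTP_OK);

        return $this->handleView($view);
    }

    /**
     * Adds several contacts to a list.
     *
     * The contact IDs are read from the 'ids' request parameter. The response carries a
     * 'details' map with one success flag per contact; a contact that fails the 'edit'
     * access check is reported as unsuccessful and the remaining contacts are still processed.
     *
     * @param int $id segment ID
     *
     * @return \Symfony\Component\HttpFoundation\Response
     *
     * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
     */
    public function addLeadsAction($id)
    {
        $contactIds = $this->request->request->get('ids');

        // 'ids' is request input. It must be an array, otherwise the loop below cannot iterate it
        // and the action would report success without having added anything.
        if (!is_array($contactIds)) {
            return $this->returnError('mautic.core.error.badrequest', Response::HTTP_BAD_REQUEST);
        }

        // Each ID is later used as an array key in the details map, so reject nested or null
        // entries up front, before any contact has been added to the list.
        foreach ($contactIds as $contactId) {
            if (!is_scalar($contactId)) {
                return $this->returnError('mautic.core.error.badrequest', Response::HTTP_BAD_REQUEST);
            }
        }

        $entity = $this->model->getEntity($id);

        if (null === $entity) {
            return $this->notFound();
        }

        // Does the user have access to the list
        $lists = $this->model->getUserLists();
        if (!isset($lists[$id])) {
            return $this->accessDenied();
        }

        $responseDetail = [];
        foreach ($contactIds as $contactId) {
            $contact = $this->checkLeadAccess($contactId, 'edit');
            if ($contact instanceof Response) {
                // The access check answered with a Response: record the failure and keep going.
                $responseDetail[$contactId] = ['success' => false];
            } else {
                /* @var \Mautic\LeadBundle\Entity\Lead $contact */
                $this->getModel('lead')->addToLists($contact, $entity);
                $responseDetail[$contact->getId()] = ['success' => true];
            }
        }

        $view = $this->view(['success' => 1, 'details' => $responseDetail], Response::HTTP_OK);

        return $this->handleView($view);
    }

    /**
     * Removes given contact from a list.
     *
     * @param int $id     List ID
     * @param int $leadId Lead ID
     *
     * @return \Symfony\Component\HttpFoundation\Response
     *
     * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
     */
    public function removeLeadAction($id, $leadId)
    {
        $entity = $this->model->getEntity($id);

        if (null === $entity) {
            return $this->notFound();
        }

        // A Response from checkLeadAccess() is returned to the caller as-is;
        // any other result is treated as the contact having passed the 'edit' check.
        $contact = $this->checkLeadAccess($leadId, 'edit');
        if ($contact instanceof Response) {
            return $contact;
        }

        // Does the user have access to the list
        $lists = $this->model->getUserLists();
        if (!isset($lists[$id])) {
            return $this->accessDenied();
        }

        $this->getModel('lead')->removeFromLists($leadId, $entity);

        $view = $this->view(['success' => 1], Response::HTTP_OK);

        return $this->handleView($view);
    }

    /**
     * Checks if user has permission to access retrieved entity.
     *
     * NOTE(review): 'create', 'edit' and 'view' are all decided by the contact permission
     * 'lead:leads:viewown', without consulting $entity and without a 'lead:lists:*' permission.
     * Only 'delete' uses a list permission. Confirm that this is the intended policy.
     *
     * @param mixed  $entity
     * @param string $action view|create|edit|publish|delete
     *
     * @return bool
     */
    protected function checkEntityAccess($entity, $action = 'view')
    {
        // Strict matching: a non-string $action must never be coerced into one of these names
        // by loose comparison; it falls through to the parent check instead.
        if (in_array($action, ['create', 'edit', 'view'], true)) {
            return $this->security->isGranted('lead:leads:viewown');
        }

        if ('delete' === $action) {
            // NOTE(review): the first argument is a literal true; presumably it stands in for the
            // "own" permission. Verify against hasEntityAccess().
            return $this->factory->getSecurity()->hasEntityAccess(
                true, 'lead:lists:deleteother', $entity->getCreatedBy()
            );
        }

        return parent::checkEntityAccess($entity, $action);
    }
}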
||
188 |